Adobe Security Bulletin

Security hotfix available for RoboHelp Server | APSB22-31

Bulletin ID

Date Published

Priority

ASPB22-31

June 14,  2022     

3

Summary

Adobe has released a security hotfix for RoboHelp Server 11 (Update 3), and prior releases.  This hotfix resolves a security vulnerability that allows end users with non-administrative privileges to manipulate API requests and elevate their account privileges to that of a server administrator.
 This update resolves a vulnerability rated moderate. Successful exploitation could lead to privilege escalation.

Affected Versions

Product

Affected version

Platform

RoboHelp Server

RHS 11 Update 3 and earlier versions
 

Windows

Solution

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:  

Product

Version

Platform

Priority rating

Availability

 

RoboHelp Server

RHS 11 (Update 3)

 

Windows

 

3

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Numbers

Improper Authorization (CWE-285)

Privilege escalation

Moderate

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N


CVE-2022-30670
 

Acknowledgments

Adobe would like to thank Heroku (heroku3) for reporting this issue CVE-2022-30670
and for working with Adobe to help protect our customers.   


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

 Adobe

Pridobite pomoč hitreje in preprosteje

Ali ste nov uporabnik?